Buddy Skill Creator

Security checks across malware telemetry and agentic risk

Overview

The skill’s buddy-creation purpose is coherent, but it needs Review because it processes private chats/photos through an external API, persists persona files, and uses weak disclosure and transparency safeguards.

Install only after reviewing the privacy tradeoffs. Use synthetic or redacted material where possible, do not upload another person’s chats/photos without permission, assume selected content may be sent to EvoLink, review generated buddy files before use, and avoid processing untrusted imports until the API helper and write safeguards are tightened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (31)

Description-Behavior Mismatch

Severity: Medium. Confidence: 97%.
Finding
The skill tells users that data is 'only stored locally,' yet it also documents sending imported chats, photos, and other personal content to the EvoLink API for analysis. This is a real privacy and transparency failure because users may disclose sensitive third-party and personal data under a misleading assumption about where it goes.

Intent-Code Divergence

Severity: Medium. Confidence: 96%.
Finding
The skill claims that AI analysis leaves no retained data, but the implementation only shows a POST to a third-party API and provides no technical or contractual basis for a no-retention guarantee. This creates a deceptive privacy representation that could expose highly sensitive relationship, identity, and communication data to unknown retention or secondary use.

Description-Behavior Mismatch

Severity: Medium. Confidence: 96%.
Finding
The template explicitly instructs the generated persona to claim it is a real person and not an AI. This is a deception pattern that can mislead users about the system’s nature, undermine informed consent, and increase susceptibility to emotional manipulation or unsafe reliance, especially in a companion-style skill built from intimate personal data.

Missing User Warnings

Severity: High. Confidence: 95%.
Finding
The README explicitly encourages users to import highly sensitive personal data such as private chat histories, social media screenshots, and photos in order to build a persona, but it provides no privacy, consent, minimization, retention, or third-party processing warnings. In the context of a skill that sends data to an external API, this creates a substantial risk of unauthorized processing of other people’s personal data, privacy violations, and downstream misuse of intimate or identifying content.

Missing User Warnings

Severity: Medium. Confidence: 92%.
Finding
The README explicitly encourages users to import highly sensitive personal data such as private chat histories, social media screenshots, and photos, but provides no warning about consent, lawful basis, retention, or privacy risks. In the context of a skill designed to recreate a person-like AI persona, this increases the likelihood of unauthorized cloning, exposure of third-party data, and misuse of intimate or identifying information.

Missing User Warnings

Severity: High. Confidence: 95%.
Finding
The README explicitly encourages users to import highly sensitive personal data such as chat histories, social media screenshots, and photos in order to create an AI persona, but it provides no warning about privacy, consent, or the legal/ethical risks of using another person's data. In this skill's context, the omission is especially dangerous because the feature is designed to imitate real people ('parle comme eux', French for 'talks like them'), increasing the likelihood of non-consensual cloning, exposure of private communications, and misuse of intimate data.

Missing User Warnings

Severity: High. Confidence: 97%.
Finding
The README states that AI analysis is performed through the EvoLink API but does not clearly disclose that imported chats, photos, or social content may be transmitted to a third-party service for processing. This is dangerous because users may believe data stays local when in reality highly sensitive personal information could leave their environment, creating privacy, compliance, and consent risks that are amplified by the intimate nature of the imported content.

Missing User Warnings

Severity: Medium. Confidence: 94%.
Finding
The README explicitly encourages users to upload highly sensitive personal data such as chat histories, screenshots, and photos, but provides no warning about privacy risks, consent requirements, retention, or third-party processing via the EvoLink API. In this skill’s context, that omission is material because the core workflow normalizes sending intimate multi-party data to an external service, increasing the chance of unauthorized disclosure, non-consensual processing, and regulatory/privacy violations.

Missing User Warnings

Severity: Medium. Confidence: 93%.
Finding
The README explicitly encourages users to provide highly sensitive personal data such as chat logs, screenshots, and photos to an external AI service, but it gives no warning about privacy risks, data transmission, retention, third-party processing, consent, or legal obligations. In this skill context, that omission is more dangerous because the tool is specifically designed to ingest intimate interpersonal data to build personas, which increases the likelihood of exposing private or third-party information without informed user consent.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding
The README explicitly encourages importing highly sensitive personal data such as private chat logs, screenshots, photos, and social media content, but does not present a clear, prominent warning about privacy, consent, retention, or risks of creating a persistent AI replica of a real person. This is dangerous because users may upload third-party data without permission, exposing intimate content and enabling unauthorized profiling or impersonation.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding
The README encourages users to import highly sensitive third-party and personal data such as chat histories, social-media screenshots, and photos, but provides no warning about privacy, consent, or lawful data handling. In this skill's context, that omission is especially risky because the product explicitly aims to recreate a person-like AI persona from intimate source material, increasing the chance of non-consensual cloning, privacy violations, and misuse of sensitive data.

Missing User Warnings

Severity: Medium. Confidence: 97%.
Finding
The README promotes importing personal data while mentioning EvoLink API and external model processing, but it does not clearly warn users that uploaded chats, photos, and screenshots will be sent to an external service for analysis. This lack of disclosure can cause users to unknowingly transmit sensitive personal or third-party information off-platform, creating substantial privacy, compliance, and data-governance risk.

Missing User Warnings

Severity: Medium. Confidence: 93%.
Finding
The README explicitly encourages importing chat histories, social media screenshots, and photos to build a persona, but provides no privacy, consent, retention, or sensitive-data handling warning. This creates a real privacy and safety risk because users may upload third-party personal data or intimate content without authorization, potentially exposing sensitive information to the skill provider or downstream APIs.

Missing User Warnings

Severity: Medium. Confidence: 96%.
Finding
The README explicitly encourages importing highly sensitive personal data such as private chat histories, screenshots, and photos, while also stating the feature is powered by the EvoLink API, but it provides no privacy notice, consent guidance, retention details, or warning that this data may be transmitted to a third-party service. In a skill centered on modeling real people and relationships, this omission materially increases the risk of unauthorized disclosure, over-collection of third-party data, and privacy harms to both the user and other people captured in the imported content.

Vague Triggers

Severity: Medium. Confidence: 82%.
Finding
The trigger phrases include very broad natural-language requests such as wanting a buddy or asking for one to chat, which can cause accidental activation in ordinary conversation. In this skill, unintended activation is more dangerous than usual because activation may lead into collection of private messages, photos, and social data for persistence and external analysis.

Missing User Warnings

Severity: High. Confidence: 98%.
Finding
The skill solicits highly personal source material but does not prominently warn users that imported data will be sent to an external API. Because the workflow centers on ingesting chats, photos, and social media artifacts, the missing disclosure materially increases the risk of uninformed sharing of sensitive personal and third-party data.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding
The PRD explicitly states that highly sensitive user-provided materials such as chats, photos, and descriptions will be analyzed via the EvoLink API, but it does not require a clear user-facing notice, consent flow, or data-handling disclosure at the point of collection. Because these materials can contain private data about both the user and third parties, transmitting them to an external processor without prominent informed consent creates a real privacy and compliance risk.

Missing User Warnings

Severity: Medium. Confidence: 97%.
Finding
The supported data sources include private chat exports, photos, and social media screenshots, which often contain personal data of non-users who may not have consented to processing. The PRD mentions respecting privacy in general terms, but it does not impose strong consent requirements, warnings, or safeguards against uploading third-party data, making misuse and unlawful processing materially more likely.

Vague Triggers

Severity: Medium. Confidence: 92%.
Finding
The correction trigger phrases are broad enough to match ordinary conversational feedback such as '不对' ('wrong'), '感觉不对' ('feels wrong'), or tone comments, which can cause the system to enter a state-changing correction workflow unintentionally. In this skill, that is more dangerous because the workflow updates persona and memory files, so benign user reactions can silently rewrite persistent behavior and identity data.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding
The instructions explicitly tell the agent to append to files, alter original content, and regenerate SKILL.md, but provide no safeguards around authorization, data sensitivity, auditability, or bounded write scope. In a skill that imports highly personal sources like chat logs, photos, and social posts, unsafe file modification can corrupt persona state, persist manipulated memories, or overwrite sensitive configuration based on ambiguous or adversarial input.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding
The prompt explicitly encourages users to import real chat histories and other personal materials to build a persona, but it provides no warning, consent guidance, minimization advice, or handling boundaries for sensitive personal data. In this skill context, that increases the likelihood of collecting private or third-party data without informed consent, which can expose intimate conversations, identifiers, and other sensitive content.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding
The prompt explicitly instructs the agent to use an Edit tool to append content into files, but it does not require any user-facing confirmation, preview, or consent before modifying persisted skill artifacts. In a skill that processes imported chats, photos, and social media-derived material, silent file mutation can cause unintended persistence of sensitive, incorrect, or adversarially injected content and makes prompt-injection or data-poisoning outcomes more durable.

Missing User Warnings

Severity: Medium. Confidence: 93%.
Finding
The prompt explicitly instructs the model to extract detailed interpersonal memories and behavioral patterns from chat logs and other personal materials, but it provides no consent check, data-minimization guidance, or privacy notice. In this skill’s context, the inputs are likely to contain highly sensitive third-party and relationship data, making unauthorized profiling, oversharing, or retention of personal details more likely.

Missing User Warnings

Severity: Medium. Confidence: 96%.
Finding
The script intentionally extracts highly sensitive EXIF metadata, including GPS coordinates and timestamps, and writes them into a report file without any privacy warning, consent checkpoint, minimization, or redaction. In the context of a 'buddy/persona' skill that encourages importing personal photos, this can expose home/work locations, routines, and movement history, creating meaningful privacy and safety risk if the report is shared, synced, or stored insecurely.

Missing User Warnings

Severity: Medium. Confidence: 93%.
Finding
This script aggregates discovered social-media text files and writes their contents into a consolidated report on disk, which can expose sensitive personal data such as chats, posts, identifiers, or exported account information. In the context of a skill explicitly designed to ingest personal chat history, photos, and social-media content, silent bulk copying materially increases privacy risk and the chance of secondary disclosure through logs, shared workspaces, or later processing.

VirusTotal

64/64 vendors flagged this skill as clean.